End-to-end transport layer security

Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL) are security protocols that provide Point-to-Point (P2P) data protection. P2P protection refers to two communicating nodes, e.g., a first communication node and a second communication node, exchange public keys to establish two session keys, a Data Encryption Key (DEK) and a Message Integrity Key (MIK). The MIK is typically used for keyed Hash-based Message Authentication Code (HMAC). TLS offers several key establishment schemes.

[Finalize when Jeff Approves the Claims]

These and other features, together with the organization and manner of operation thereof, will become apparent from the following detailed description when taken in conjunction with the accompanying drawings.

A TLS can implement various key establishment schemes, including Rivest, Shamir, and Adleman (RSA) key transport, Diffie-Hellman (DH) key agreement, Elliptic Curve Diffie-Hellman (ECDH) key agreement, and ephemeral DH key agreement (DHE) or ECDH with ephemeral keys (ECDHE) key agreement. TLS supports static public key certificates and ephemeral public keys, but TLS 1.3 only allows ephemeral keys. The recipient (TLS client) of a public key certificate performs certificate validation to trust the sender (TLS server) public key. The TLS server will perform certificate validate only for client authentication. An ephemeral key has a short time-to-live (e.g., within seconds) that public key certificates are not practical, but typically the sender ephemeral key is signed and verified using the TLS server certificate. TLS will be updated to address the National institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) algorithms. Regardless of the key establishment scheme, TLS is a P2P scheme between two communication nodes.

In a typical PP TLS scheme for connections between four communication nodes (A, B, C, and D) using DH, three TLS sessions are established. A first TLS session is established between nodes A and B to establish session keys S. A second TLS session is established between nodes B and C to establish session keys S. A third TLS session is established between and nodes C and D to establish session keys S. For data encryption from communication nodes A, B, C, and D, six operations are implemented. For example, node A encrypts data using Sand sends the encrypted data to node B. Node B decrypts the data using S, re-encrypts data using S, and sends re-encrypted data to node C. Node C decrypts the data using S, re-encrypts data using S, and sends the re-encrypted data to node D. Node D decrypts data using S. In this example, six cryptographic operations are performed in a P2P TLS scheme including four nodes. For a P2P TLS scheme including three nodes, four cryptographic operations are performed. The separate TLS connections between the nodes conventionally require each intermediate node to decrypt the inbound data and re-encrypt the outbound data Accordingly, the number of cryptographic operations for a conventional P2P TLS scheme is 2+2 (N−2), where N is the number of nodes in the P2P TLS scheme.

Referring generally to the FIGS., apparatuses, systems, methods, and non-transitory computer-readable media described herein relate to E2E TLS schemes. As compared to P2P TLS schemes, E2E TLS schemes improve the speed and efficiency in communications between communication nodes and reduce risk of data disclosure. The E2E TLS schemes can employ key establishment schemes and symmetric cryptography. The E2E TLS schemes reduce intermediary decrypt and re-encrypt functions of intermediary communication nodes of the TLS connection, thus reducing the risk of intermediary access to cleartext data in between the decrypt and re-encrypt functions at the intermediate nodes. Accordingly, the overhead in performing cryptographic functions (e.g., encrypt, decrypt, generate Message Authentication Code (MAC), verify MAC, and so on) and in establishing session keys between communication nodes in a TLS connection can be improved.

is a block diagram of a systemconfigured to implement an E2E TLS scheme, according to some arrangements. The systemincludes at least a first communication node, a second communication node, a third communication node, and a fourth communication node. In some arrangements, the communication nodes,,, andcan be Internet-connected or network-connected computing devices such as computers, servers, mobile devices, datacenters, smartphones, smart wearables, etc. The communication nodes,,, andcan include any type of device or system configured to execute one or more software applications. In some arrangements, each of the communication nodes,,, andcan include an operating system (e.g., Windows, Linux, MAC OS, etc.) on which the software applications can be executed. Examples of the communication nodes,,, andcan include routers, firewalls, load balancers, network appliances, servers, databases, and so on. For example, the first communication nodecan be a first application server. The second communication nodeis a network load balancer that balances the load of incoming traffic and selects the third communication node. The third communication nodecan be a proxy server that can select the fourth communication nodeto be the end point of the TLS connection. The fourth communication nodecan be a second application server or a database. The nodesandcannot communicate directly For example, the first communication nodemay be a device connected to the second communication nodethrough the internet (e.g., a public connection), and the nodesandmay be in a Demilitarized Zone (DMZ) of an enterprise, and the fourth communication nodemay be a device within an internal network of the nodes,, and. In other words, the nodesandcan only communicate indirectly via the TLS connection due to network architecture and security.

The communication nodes,,, andare on a path defined by a TLS connection. The TLS connection starts at a start node (the first communication node), passes through intermediate nodes (the second and third communication nodesand), and ends at an end node (the fourth communication node). Encrypted data can be moved in the TLS connection, from the first communication nodeto the second communication nodevia a connection, from the second communication nodeto the third communication nodevia a connection, from the third communication nodeto the fourth communication nodevia connection. The start node in a TLS connection is the node from which the data originates, and the start node is node that first encrypts the data. The start node is the first TLS client sending the initial Client Hello message to the TLS server. The end node in a TLS connection is the TLS server and the node intended by the start node to receive the data. The end node decrypts the encrypted data and performs certain processes using the data. The TLS connection includes one or more intermediate nodes that passes, forwards, or relays the encrypted data originating from the start node (e.g., received from the start node or another intermediate node) to another intermediate node or the end node, without decrypting the data, without re-encrypting the data, without verifying the MAC, and without re-generating MAC. An intermediate node acts as both a TLS client and a TLS server. In some examples, the end node can generate additional data in the processes performed using the data originating from the start node, encrypt the additional data, and send the encrypted additional data to the start node via at least one intermediate node. In this case, the end node is the start node, and the start node is the end node. Examples of data include values, instructions, notifications, parameters, and so on.

Each of the communication nodes,,, andincludes a processing circuit,,, or, respectively. A processing circuit,,, orincludes a processor,,, orand a memory,,, or, respectively. Each processor,,, oris implemented as a general-purpose processor, an Application Specific Integrated Circuit (ASIC), one or more Field Programmable Gate Arrays (FPGAs), a Digital Signal Processor (DSP), a group of processing components, or other suitable electronic processing components. Each memory,,, or(e.g., Random Access Memory (RAM), Read-Only Memory (ROM), Non-Volatile RAM (NVRAM), Flash Memory, hard disk storage, etc.) stores data and/or computer code for facilitating the various processes described herein. Moreover, each memory,,, oris or includes tangible, non-transient volatile memory or non-volatile memory. Accordingly, each memory,,, orincludes database components, object code components, script components, or any other type of information structure for supporting the various activities and information structures described herein. The processing circuitcan be used to implemented one or more of the circuitsand. The processing circuitcan be used to implemented one or more of the circuitsand. The processing circuitcan be used to implemented one or more of the circuitsand. The processing circuitcan be used to implemented one or more of the circuitsand.

In some examples, the processing circuitof the first communication nodecan execute an application or software that generates the data intended for the fourth communication node(end node) or needs the data to be sent to the fourth communication nodevia the TLS connection (e.g., via the intermediate nodesand). In some examples, the processing circuitof the fourth communication nodecan execute an application or software that receives the data originating from the first communication node(start node), processes such data, and in some cases generate additional new data to be sent to the first communication nodevia the TLS connection. Examples of the application or software include email, instant messaging, database, web browser, applications or software over the Internet or World Wide Web, and so on.

Each of the communication nodes,,, andincludes a network interface circuit,,, or, respectively. Each network interface,,, oris configured for and structured to establish a connection and communicate with another network interface of another communication node via the connection,, or. The network interface circuits,,, orare structured for sending and receiving data over one or more communication networks. Accordingly, each of the network interface circuits,,, andincludes any of a cellular transceiver (for cellular standards), wireless network transceiver (for 802.11X, ZigBee, Bluetooth, Wi-Fi, or the like), wired network interface, or a combination thereof. For example, each of the network interface circuits,,, andcan include wireless or wired network modems, ports, baseband processors, and associated software and firmware. The network interface circuitcan send data to the network interface circuitvia the connection, vice versa. The network interface circuitcan send data to the network interface circuitvia the connection, vice versa. The network interface circuitcan send data to the network interface circuitvia the connection, vice versa.

Each of the connections,, andcan be a network such as any suitable Local Area Network (LAN), Wide Area Network (WAN), or a combination thereof. For example, the networkcan be supported by Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA) (particularly, Evolution-Data Optimized (EVDO)), Universal Mobile Telecommunications Systems (UMTS) (particularly, Time Division Synchronous CDMA (TD-SCDMA or TDS) Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), evolved Multimedia Broadcast Multicast Services (eMBMS), High-Speed Downlink Packet Access (HSDPA), and the like), Universal Terrestrial Radio Access (UTRA), Global System for Mobile Communications (GSM), Code Division Multiple Access 1× Radio Transmission Technology (1 x), General Packet Radio Service (GPRS), Personal Communications Service (PCS), 802.11X, ZigBee, Bluetooth, Wi-Fi, any suitable wired network, combination thereof, and/or the like. In some examples, the connectionmay be through the Internet via suitable protocol such as Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP), or so on. the connectionsandmay be internal connections or networks within an enterprise.

Each of the communication nodes,,, andincludes a cryptography circuit,,, or, respectively, for performing cryptographic operations. For example, each of the cryptography circuit,,, andcan encrypt data, decrypt data, and generate or otherwise obtain keys in the manner described herein.

While various circuits, interfaces, and logic with particular functionality are shown, it should be understood that each of the communication nodes,,, andincludes any number of circuits, interfaces, and logic for facilitating the operations described herein. For example, the activities of multiple circuits are combined as a single circuit and implemented on the same processing circuit (e.g., the processing circuit), as additional circuits with additional functionality are included.

is a methodfor performing TLS-based communications, according to various arrangements. Referring to, the methodcan be performed by the system, including the communication nodes,,, and. The TLS connection is established among the communication nodes,,, andas described herein.

At, the first communication node(e.g., the network interface circuit) sends a messageto the second first communication nodevia the connection. At, the second communication node(e.g., the network interface circuit) receives the message originating from the first communication nodevia the connectionand forwards the same message to the third communication nodevia the connection. At, the third communication node(e.g., the network interface circuit) receives, from the second communication nodevia the connection, the message originating from the first communication nodeand forwards the same message to the fourth communication nodevia the connection. At, the fourth communication node(e.g., the network interface circuit) receives, from the third communication nodevia the connection, the message originating from the first communication node.

In some examples in which DH key agreement or ECDH key agreement is used to establish keys for the TLS connection, the message originally sent by the start node (e.g., the first communication node) and forwarded or relayed by the intermediate nodes (e.g., the communication nodesand) to the end node (e.g., the fourth communication node) includes a public key of the first communication node.

In some examples in which ephemeral key agreement is used to establish keys for the TLS connection, the message originally sent by the start node (e.g., the first communication node) and forwarded or relayed by the intermediate nodes (e.g., the communication nodesand) to the end node (e.g., the fourth communication node) includes an ephemeral key of the first communication node. In some examples in which ephemeral key agreement is used to establish keys for the TLS connection, the message originally sent by the start node (e.g., the first communication node) and forwarded or relayed by the intermediate nodes (e.g., the communication nodesand) to the end node (e.g., the fourth communication node) includes an ephemeral key of the first communication nodeand a public key of the first communication node.

At, the fourth communication node(e.g., the network interface circuit) sends a response to the third communication nodevia the connection. At, the third communication node(e.g., the network interface circuit) receives the response via the connectionand forwards the same response to the second communication nodevia the connection. At, the second communication node(e.g., the network interface circuit) receives, from the third communication nodevia the connection, the response originating from the fourth communication nodeand forwards the same response to the first communication nodevia the connection. At, the first communication node(e.g., the network interface circuit) receives, from the second communication nodevia the connection, the message originating from the fourth communication node.

In some examples in which DH key agreement or ECDH key agreement is used to establish keys for the TLS connection, the response originally sent by the end node (e.g., the fourth communication node) and forwarded or relayed by the intermediate nodes (e.g., the communication nodesand) to the start node (e.g., the first communication node) includes a public key of the fourth communication node. In some examples in which ephemeral key agreement is used to establish keys for the TLS connection, the response originally sent by the end node (e.g., the fourth communication node) and forwarded or relayed by the intermediate nodes (e.g., the communication nodesand) to the start node (e.g., the first communication node) includes an ephemeral key of the fourth communication node. In some examples in which ephemeral key agreement is used to establish keys for the TLS connection, the response originally sent by the end node (e.g., the fourth communication node) and forwarded or relayed by the intermediate nodes (e.g., the communication nodesand) to the start node (e.g., the first communication node) includes an ephemeral key of the fourth communication nodeand a public key of the fourth communication node.

In some examples, a TLS session handshake includes 205-240. The message relayed to the fourth communication nodein-can be referred to as a notification, acknowledgement, or client “hello.” The response relayed to the first communication node in-can be referred to as an acknowledgement or server “hello.” The TLS session handshake can be performed for each communication session (e.g., defined by a length of time or other conditions) between the nodesand. Accordingly,-allow the first communication nodeand the fourth communication nodeto exchange their respective public keys and/or ephemeral keys under the DH key agreement, ECDH key agreement, or the ephemeral key agreement. The public keys and/or ephemeral keys of the nodesandcan be used to establish session keys for the TLS connection. For example, the communication nodesandcan establish session keys for the TLS connection atand, respectively. In some examples,andcan be performed for each communication session between the nodesand.

In the examples in which the nodesanduse DH key agreement to establish the session keys, the nodesandexchange their respective public keys in-as described. That is, the first communication nodesends its public key via the nodesandto the fourth communication nodevia-, and the fourth communication nodesends its public key via the nodesandto the first communication nodevia-. The cryptography circuitof the first communication nodeand the cryptography circuitof the fourth communication nodegenerate a shared secret. For example, the cryptography circuitof the first communication nodeuses its own private key and the public key of the fourth communication nodeto compute the shared secret. The cryptography circuitof the fourth communication nodeuses its own private key and the public key of the first communication nodeto compute the shared secret using the DH group algebra shown in expressions (1)-(4). In some arrangements, the cryptography circuitof the first communication nodegenerates a random number a as the private key of the first communication nodeand computes the public key A of the first communication nodeusing:mod  (1);

The cryptography circuitof the fourth communication nodegenerates a random number b as the private key of the fourth communication nodeand computes the public key B of the fourth communication nodeusing:mod  (2);

The cryptography circuitof the first communication nodecan compute the shared secret Busing:=(mod)=modmod  (3).

The cryptography circuitof the fourth communication nodecan compute the shared secret Ausing:=(mod)=modmod  (4).The cryptography circuitsandcan each run a key derivation function using the computed shared secret to generate session keys atand. For example, the two session keys can include a key used for encryption and decryption, and a key used for MAC generation and verification.

In the examples in which the nodesanduse ECDH key agreement to establish the session keys, the nodesandexchange their respective public keys in-as described. The EDCH key agreement is similar to the DH key agreement scheme, except that Elliptic Curve Cryptography (ECC) math equivalent of group algebra instead of the DH group algebra shown with respect to expressions (1)-(4).

In the examples in which the nodesanduse the ephemeral key agreement to establish the session keys, the nodesandexchange their respective ephemeral keys in addition to or replacing the static public keys in-as described. The ephemeral key agreement can support both DH and ECDH. For example, ANSI X9.42 DH and X9.63 EDCH allow the first communication nodeto use static public key, ephemeral key, or both, and allow the fourth communication nodeto use static public key, ephemeral key, or both in establishing the session keys. In some examples, the Internet Engineering Task Force (IETF) specification RFC 4492 supports only ephemeral keys and repurposes existing RSA certificate of the fourth communication nodeto sign the ephemeral public key of the fourth communication node.

Accordingly, the first communication nodecan send information to the fourth communication nodeto establish the session keys via the connections,, andand relayed by the intermediate nodesand, in that order, as described at,,, and. The fourth communication nodecan send information to the first communication nodevia the connections,, andand relayed by the intermediate nodesand, in that order, as described at,,, and. Information used to establish the session keys for the TLS session can be exchanged accordingly.

In the examples in which the nodesanduse the RSA key transport scheme to establish the session keys, the fourth communication nodesends its public key certificate and other RSA-related information to the first communication node, e.g., via the connections,, andand relayed by the intermediate nodesand, in that order, similar to described at,,, and. The first communication nodevalidates the certificate of the fourth communication node, generates a random number (e.g., a number used once (nonce)), encrypts the nonce using the public key of the fourth communication node, and sends the encrypted nonce and other RSA-related information to the fourth communication nodevia the connections,, andand relayed by the intermediate nodesand, in that order, similar to described at,,, and. The fourth communication nodedecrypts the encrypted nonce using the private key of the fourth communication nodecorresponding to the public key of the fourth communication node. Both the nodesandcan use the nonce and other exchanged information to derive the two session keys atand.

Accordingly, from a TLS protocol perspective, to exchange the information (e.g., public keys or ephemeral keys), when the first communication nodesends the “Client Hello” (e.g., the message) to the second communication node, instead of the second communication noderesponding with a “Server Hello” as conventionally performed, the second communication nodesends a “Client Hello” to the third communication node, and then the third communication nodesends a “Client Hello” to the fourth communication node. When the fourth communication noderesponds with a “Server Hello” to the third communication node, the third communication noderesponds with a “Server Hello” to the second communication node, and then the second communication noderesponds with a “Server Hello” to the first communication node. The first communication nodeis conceptually unaware that the “Server Hello” is from the fourth communication nodein some examples, and similarly the fourth communication nodeis unaware the “Client Hello” is from the first communication node. This allow nodesandto establish session keys Susing the TLS process. The intermediate nodesandcan operate in the E2E TLS scheme and/or retain backward compatibility with traditional P2P TLS scheme based on configuration parameters manage on intermediary nodesand. The two endpoint nodesandmay remain unaware of the E2E TLS protocol.

Accordingly, instead of establishing three session keys (e.g., session key sets S(,), S(,), and S(,)) between the nodesand, between the nodesand, and between the nodesand, respectively, one session key sets S(including one key for encryption referred to as a data encryption session key and one key for MAC generation referred to as the MAC session key) is established atand.

At, the cryptographic circuitof the first communication nodeencrypts data using the data encryption session key derived at. The cryptographic circuitcan also generate a MAC using the MAC session key. At, the first communication node(e.g., the network interface circuit) sends the encrypted data and the MAC to the second first communication nodevia the connection. At, the second communication node(e.g., the network interface circuit) receives the encrypted data and the MAC originating from the first communication nodevia the connectionand forwards the same encrypted data and the MAC to the third communication nodevia the connection. Forwarding the encrypted data and the MAC includes the network interface circuitreceiving one or more data packets carrying the encrypted data and the MAC and sends the one or more data packets to an Internet Protocol (IP) address of the third communication node. The second communication node, including the cryptography circuit, refrains from decrypting the encrypted data, re-encrypting the encrypted data, verifying the MAC associated with the encrypted data, or regenerating the MAC associated with the encrypted data.

At, the third communication node(e.g., the network interface circuit) receives, from the second communication nodevia the connection, the encrypted data and the MAC originating from the first communication nodeand forwards the same encrypted data and the MAC to the fourth communication nodevia the connection. Forwarding the encrypted data includes the network interface circuitreceiving one or more data packets carrying the encrypted data and the MAC and sends the one or more data packets to an Internet Protocol (IP) address of the fourth communication node. The third communication node, including the cryptography circuit, refrains from decrypting the encrypted data, re-encrypting the encrypted data, verifying the MAC associated with the encrypted data, or regenerating the MAC associated with the encrypted data.

At, the fourth communication node(e.g., the network interface circuit) receives, from the third communication nodevia the connection, the encrypted data and the MAC originating from the first communication node. At, the cryptography circuitdecrypt the encrypted data using the data encryption session key derived at. The cryptography circuitcan also verify the MAC associated with the encrypted data, using the MAC session key.

In some examples, the fourth communication nodecan determine additional data, sometimes in response to the data decrypted at. For example, the data decrypted atcan be an identifier, link, address, or query to some data (e.g., the additional data) stored in the fourth communication node(e.g., a database). The fourth communication nodedetermines the additional data and provides the additional data to the first communication node. For example, the cryptography circuitof the fourth communication nodeencrypts the additional data using the data encryption session key and generates a MAC using the MAC session key. The fourth communication node(e.g., the network interface circuit) sends the encrypted data and the MAC to the third first communication nodevia the connection. The third communication node(e.g., the network interface circuit) receives the encrypted additional data and the MAC originating from the fourth communication nodevia the connectionand forwards the same encrypted additional data and MAC to the second communication nodevia the connection. The third communication node, including the cryptography circuit, refrains from decrypting the encrypted additional data, re-encrypting the encrypted additional data, verifying the MAC associated with the encrypted additional data, or regenerating the MAC associated with the encrypted additional data. In some examples, the third communication node(e.g., the cryptography circuit) can be provided by the nodeorthe data encryption session key and can decrypt the encrypted additional data originating from the fourth communication node. In such examples, the third communication nodecan relay the encrypted additional data and refrain from re-encrypting the encrypted additional data, verifying the MAC associated with the encrypted additional data, or regenerating the MAC associated with the encrypted additional data.

The second communication node(e.g., the network interface circuit) receives, from the third communication nodevia the connection, the encrypted additional data and the MAC originating from the fourth communication nodeand forwards the same encrypted additional data and the MAC to the first communication nodevia the connection. The second communication node, including the cryptography circuit, refrains from decrypting the encrypted additional data, re-encrypting the encrypted additional data, verifying the MAC associated with the encrypted additional data, or regenerating the MAC associated with the encrypted additional data. In some examples, the second communication node(e.g., the cryptography circuit) can be provided by the nodeorthe data encryption session key and can decrypt the encrypted additional data originating from the fourth communication node. In such examples, the second communication nodecan relay the encrypted additional data and refrain from re-encrypting the encrypted additional data, verifying the MAC associated with the encrypted additional data, or regenerating the MAC associated with the encrypted additional data.

The first communication node(e.g., the network interface circuit) receives, from the second communication nodevia the connection, the encrypted additional data and the MAC originating from the fourth communication node. The cryptography circuitdecrypt the encrypted additional data using the data encryption session key and verifies the MAC using the MAC session key.

Depending on the number of intermediary nodes in the TLS connection, the performance improvement of the methodcan be significant. The more nodes in the communication path of the TLS connection, the greater the performance improvement in asymmetric key establishment and symmetric cryptography. The overhead for traditional P2P TLS protocol increases linearly as nodes are added to the communication path, whereas the overhead for E2E TLS protocol remains largely similar with no increase in processing power needed as more nodes are added to the communication path.

is a methodfor performing communication connection-based or channel-based communications, according to various arrangements. Referring to, the methodcan be performed by the system, including the communication nodes,,, and. The connection or channel (e.g., the TLS connection, the SSL connection, or SSL/TLS connection) is established among the communication nodes,,, andas described herein. The methodcan be applied to any connection or channel in which the communication between the nodesandinvolve at least one intermediate node (e.g., the nodesand).

At, information is exchanged between a start node (e.g., the first communication node) and an end node (e.g., the fourth communication node), for example, via the intermediate nodes (e.g., the nodesand). In some examples, exchanging the information between the start node and the end node includes sending a message from the start node to the at least one intermediate node (e.g., at), relaying the message from the intermediate node to the end node (e.g., at,, and), sending a response to the message from the end node to the at least one intermediate node (e.g., at), and relaying the response from the intermediate node to the start node (e.g., at,, and).

In some examples, the message includes a public key of the start node. In some examples, the response includes a public key of the end node. In some examples, the message includes an ephemeral key of the start node. In some examples, the response includes an ephemeral key of the end node. In the examples in which the RSA key transport is deployed, the response from the end node includes the TLS server RSA public key (there is no TLS client RSA public key of the start node for key transport). In the examples in which DH or EDCH key agreement is deployed, the message includes the client public key of the start node and the response includes the server static public key of the end node, where the server static public key is in a public key certificate. In the examples in which DHE or ECDHE key agreement is deployed, the message includes the client ephemeral key of the start node and the response includes the server ephemeral key of the end node, where the TLS server (e.g., the end node) signs its ephemeral public key with a static private key whose static public key is in a certificate that the TLS client (e.g., the start node) uses to verify that TLS server has signed its ephemeral key. PQC key establishment mechanisms (KEM) will operate similarly.

At, the session keys are establish based on the information for a connection including the start node, the end node, and the at least one intermediate node (e.g., the nodesand). The session keys includes a data encryption session key and a MAC session key. In some examples, the connection is a TLS connection. In some examples, the session keys for the connection are established based on the information using a DH key agreement. In some examples, the session keys for the connection are established based on the information using an ECDH key agreement. In some examples, the session keys for the connection are established based on an ephemeral key agreement. In some examples, the session keys for the connection are established based on RSA key transport. At, the start node encrypts data using the data encryption session key. At, the start node generates a MAC using the MAC session key.

At, the at least one intermediate node relays the encrypted data and the MAC from the start node to the end node without the at least one intermediate node re-encrypting the data. In some arrangements, relaying via the at least one intermediate node the encrypted data from the start node to the end node without the at least one intermediate node re-encrypting the data includes receiving, by a first intermediate node (e.g., the second communication node) of the at least one intermediate node, the encrypted data and the MAC from the start node, sending, by the first intermediate node, the encrypted data and the MAC to a second intermediate node (e.g., the third communication node) of the at least one intermediate node without the first intermediate node re-encrypting the data or verifying the MAC, receiving, by the second intermediate node, the encrypted data and the MAC from the first intermediate node, and sending, by the second intermediate node, the encrypted data and the MAC to the end node without the second intermediate node re-encrypting the data or verifying the MAC.

In some examples, the at least one intermediate node relays the encrypted data to the end node without the at least one intermediate node decrypting the encrypted data encrypted by the start node. In some examples, the at least one intermediate node relays the encrypted data to the end node without the at least one intermediate node verifying the MAC associated with the encrypted data. In some examples, the at least one intermediate node relays the encrypted data to the end node without the at least one intermediate node regenerating the MAC associated with the encrypted data.

In some examples, the methodsandcan be used for a connection with deterministic routing or pathing, e.g., the nodes,,, andare known. In some examples, the methodscancan be triggered based on one or more of an identity of the first communication nodeor the intended target (e.g., the fourth communication node) with whom the first communication nodecommunicates. For example, at, the message to the second communication nodecan include one or more of the identity of the first communication node, an identifier for a type of communication (e.g., for a particular department of an enterprise, for a particular database), or an identifier of the fourth communication node, or so on. using one or more of the identity of the first communication node, an identifier for a type of communication, or an identifier of the fourth communication node, the second communication nodecan select whether communication for one or more of the first communication node, the type of communication, or the fourth communication nodecan use the methodsor. In response to determining that the methodsandcan be applied, the second communication nodeforwards the message at. On the other hand, in response to determining that the methodsandcannot be applied, the second communication noderesponds to the message with a response instead of forwarding the response as described.

As utilized herein, the terms “approximately,” “substantially,” and similar terms are intended to have a broad meaning in harmony with the common and accepted usage by those of ordinary skill in the art to which the subject matter of this disclosure pertains. It should be understood by those of ordinary skill in the art who review this disclosure that these terms are intended to allow a description of certain features described and claimed without restricting the scope of these features to the precise numerical ranges provided. Accordingly, these terms should be interpreted as indicating that insubstantial or inconsequential modifications or alterations of the subject matter described and claimed are considered to be within the scope of the disclosure as recited in the appended claims.

Although only a few arrangements have been described in detail in this disclosure, those skilled in the art who review this disclosure will readily appreciate that many modifications are possible (e.g., variations in sizes, dimensions, structures, shapes, and proportions of the various elements, values of parameters, mounting arrangements, use of materials, colors, orientations, etc.) without materially departing from the novel teachings and advantages of the subject matter described herein. For example, elements shown as integrally formed may be constructed of multiple components or elements, the position of elements may be reversed or otherwise varied, and the nature or number of discrete elements or positions may be altered or varied. The order or sequence of any method processes may be varied or re-sequenced according to alternative arrangements. Other substitutions, modifications, changes, and omissions may also be made in the design, operating conditions and arrangement of the various exemplary arrangements without departing from the scope of the present disclosure.

The arrangements described herein have been described with reference to drawings. The drawings illustrate certain details of specific arrangements that implement the systems, methods and programs described herein. However, describing the arrangements with drawings should not be construed as imposing on the disclosure any limitations that may be present in the drawings.

It should be understood that no claim element herein is to be construed under the provisions of 35 U.S.C. § 112(f), unless the element is expressly recited using the phrase “means for.”

As used herein, the term “circuit” may include hardware structured to execute the functions described herein. In some arrangements, each respective “circuit” may include machine-readable media for configuring the hardware to execute the functions described herein. The circuit may be embodied as one or more circuitry components including, but not limited to, processing circuitry, network interfaces, peripheral devices, input devices, output devices, sensors, etc. In some arrangements, a circuit may take the form of one or more analog circuits, electronic circuits (e.g., integrated circuits (IC), discrete circuits, system on a chip (SOCs) circuits, etc.), telecommunication circuits, hybrid circuits, and any other type of “circuit.” In this regard, the “circuit” may include any type of component for accomplishing or facilitating achievement of the operations described herein. For example, a circuit as described herein may include one or more transistors, logic gates (e.g., NAND, AND, NOR, OR, XOR, NOT, XNOR, etc.), resistors, multiplexers, registers, capacitors, inductors, diodes, wiring, and so on).